openstack
/
tricircle
Code Issues Proposed changes

Use DocumentedRuleDefault instead of RuleDefault 

The policy-and-docs-in-code Queens goal outlines the work required
for projects to move policy into code and document the operations
and defaults.
This commit replaces occurrences of RuleDefault with
DocumentedRuleDefault where appropriate, which requires additional
attributes when used that supply more documentation in rendered
policy files.
Using DocumentedRuleDefault produces more descriptive generated
policy descriptons in 'configuration' section of tricircle docs.

Change-Id: I5be169e996066ff66d165731cf2bf12aaff38fd4
This commit is contained in:
Hieu LE 2017-10-16 11:51:21 +07:00
parent f1055bd70c
commit 9de95f6199
5 changed files with 137 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -34,6 +34,7 @@ nosetests.xml
.mr.developer.cfg
.project
.pydevproject
.idea
# Complexity
output/*.html

3
etc/policy-generator.conf Normal file
View File

@ -0,0 +1,3 @@
[DEFAULT]
output_file = etc/tricircle-policy.yaml.sample
namespace = tricircle

2
setup.cfg
View File

@ -57,6 +57,8 @@ oslo.config.opts =
tricircle.db = tricircle.db.opts:list_opts
tricircle.network = tricircle.network.opts:list_opts
tricircle.xjob = tricircle.xjob.opts:list_opts
oslo.policy.policies =
tricircle = tricircle.common.policy:list_policies
tricircle.network.type_drivers =
local = tricircle.network.drivers.type_local:LocalTypeDriver
vlan = tricircle.network.drivers.type_vlan:VLANTypeDriver

5
tox.ini
View File

@ -42,6 +42,11 @@ deps =
commands = oslo-config-generator --config-file=etc/api-cfg-gen.conf
oslo-config-generator --config-file=etc/xjob-cfg-gen.conf
[testenv:genpolicy]
deps =
-r{toxinidir}/test-requirements.txt
commands = oslopolicy-sample-generator --config-file=etc/policy-generator.conf
[testenv:docs]
deps =
-r{toxinidir}/test-requirements.txt

170
tricircle/common/policy.py
View File

@ -65,50 +65,132 @@ ADMIN_API_JOB_DELETE = 'admin_api:jobs:delete'
tricircle_admin_api_policies = [
policy.RuleDefault(ADMIN_API_PODS_CREATE,
'rule:admin_api',
description='Create pod'),
policy.RuleDefault(ADMIN_API_PODS_DELETE,
'rule:admin_api',
description='Delete pod'),
policy.RuleDefault(ADMIN_API_PODS_SHOW,
'rule:admin_api',
description='Show pod detail'),
policy.RuleDefault(ADMIN_API_PODS_LIST,
'rule:admin_api',
description='List pods'),
policy.RuleDefault(ADMIN_API_ROUTINGS_CREATE,
'rule:admin_api',
description='Create resource routing'),
policy.RuleDefault(ADMIN_API_ROUTINGS_DELETE,
'rule:admin_api',
description='Delete resource routing'),
policy.RuleDefault(ADMIN_API_ROUTINGS_PUT,
'rule:admin_api',
description='Update resource routing'),
policy.RuleDefault(ADMIN_API_ROUTINGS_SHOW,
'rule:admin_api',
description='Show resource routing detail'),
policy.RuleDefault(ADMIN_API_ROUTINGS_LIST,
'rule:admin_api',
description='List resource routings'),
policy.RuleDefault(ADMIN_API_JOB_CREATE,
'rule:admin_api',
description='Create job'),
policy.RuleDefault(ADMIN_API_JOB_LIST,
'rule:admin_api',
description='List jobs'),
policy.RuleDefault(ADMIN_API_JOB_SCHEMA_LIST,
'rule:admin_api',
description='List job schemas'),
policy.RuleDefault(ADMIN_API_JOB_REDO,
'rule:admin_api',
description='Redo job'),
policy.RuleDefault(ADMIN_API_JOB_DELETE,
'rule:admin_api',
description='Delete job')
policy.DocumentedRuleDefault(ADMIN_API_PODS_CREATE,
'rule:admin_api',
description='Create pod.',
operations=[
{
'path': '/pods',
'method': 'POST'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_PODS_DELETE,
'rule:admin_api',
description='Delete specified pod.',
operations=[
{
'path': '/pods/{pod_id}',
'method': 'DELETE'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_PODS_SHOW,
'rule:admin_api',
description='Show pod details.',
operations=[
{
'path': '/pods/{pod_id}',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_PODS_LIST,
'rule:admin_api',
description='List pods.',
operations=[
{
'path': '/pods',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_CREATE,
'rule:admin_api',
description='Create resource routing',
operations=[
{
'path': '/routings',
'method': 'POST'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_DELETE,
'rule:admin_api',
description='Delete resource routing',
operations=[
{
'path': '/routings/{id}',
'method': 'DELETE'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_PUT,
'rule:admin_api',
description='Update resource routing',
operations=[
{
'path': '/routings/{id}',
'method': 'PUT'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_SHOW,
'rule:admin_api',
description='Show resource routing detail',
operations=[
{
'path': '/routings/{id}',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_LIST,
'rule:admin_api',
description='List resource routings',
operations=[
{
'path': '/routings',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_CREATE,
'rule:admin_api',
description='Create job',
operations=[
{
'path': '/jobs',
'method': 'POST'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_LIST,
'rule:admin_api',
description='List jobs',
operations=[
{
'path': '/jobs',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_SCHEMA_LIST,
'rule:admin_api',
description='List job schemas',
operations=[
{
'path': '/jobs/schemas',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_REDO,
'rule:admin_api',
description='Redo job',
operations=[
{
'path': '/jobs/{id}',
'method': 'PUT'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_DELETE,
'rule:admin_api',
description='Delete job',
operations=[
{
'path': '/jobs/{id}',
'method': 'DELETE'
}
])
]